Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

"The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, the United Kingdom, and the United States."
"Storm-1175 weaponizes newly disclosed vulnerabilities immediately. It was seen exploiting the NetWeaver bug one day after it was publicly disclosed on April 24, 2025."
The Medusa ransomware group, active since June 2021, has targeted over 300 organizations in critical infrastructure, employing double extortion tactics. Known for a rapid operational tempo, the group gains initial access through unpatched vulnerabilities and phishing. Recent attacks have heavily impacted the healthcare, education, professional services, and finance sectors in multiple countries. Medusa's operators, tracked as Storm-1175, weaponize newly disclosed vulnerabilities quickly, often within days. They have exploited at least 16 vulnerabilities across various platforms, including Microsoft Exchange and Oracle WebLogic, demonstrating proficiency in chaining security defects for remote code execution.
Read at SecurityWeek